draft work for tx server authentication

Grahame Grieve 2024-10-18 15:22:09 +08:00
parent ef800e372f
commit 5117b57305
11 changed files with 89 additions and 16 deletions


@ -3,5 +3,6 @@ package org.hl7.fhir.utilities.http;
public enum HTTPAuthenticationMode {
NONE,
BASIC,
TOKEN
TOKEN,
APIKEY
}


@ -43,6 +43,7 @@ import java.util.List;
import java.util.Map;
import org.hl7.fhir.utilities.Utilities;
import org.hl7.fhir.utilities.settings.ServerDetailsPOJO;
/**
* see security.md - manages access to the local file system by the FHIR HAPI Core library
@ -73,6 +74,7 @@ public class ManagedWebAccess {
private static List<String> allowedDomains = new ArrayList<>();
private static IWebAccessor accessor;
private static String userAgent;
private static List<ServerDetailsPOJO> serverAuthDetails;
public static WebAccessPolicy getAccessPolicy() {
@ -108,7 +110,7 @@ public class ManagedWebAccess {
}
public static ManagedWebAccessBuilder builder() {
return new ManagedWebAccessBuilder(userAgent);
return new ManagedWebAccessBuilder(userAgent, serverAuthDetails);
}
public static HTTPResult get(String url) throws IOException {
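Review bot: `serverAuthDetails` is declared without an initializer, unlike `allowedDomains` two lines above it, and no hunk on this page assigns it, so `builder()` passes `null` to `ManagedWebAccessBuilder` unless a setter exists outside these hunks. The builder's `getServer(url)` lookup therefore has to tolerate a null list, or the field should start as `new ArrayList<>()`. Because the list carries usernames, passwords, tokens and API keys, a comment on the field such as `// per-server credentials loaded from settings; do not log or expose` would help, and handing builders an unmodifiable copy would stop one caller from altering what another sends.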


@ -4,8 +4,11 @@ import java.io.IOException;
import java.nio.charset.StandardCharsets;
import java.util.Base64;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
import org.hl7.fhir.utilities.settings.ServerDetailsPOJO;
public class ManagedWebAccessBuilder {
@ -15,10 +18,12 @@ public class ManagedWebAccessBuilder {
private String password;
private String token;
private String accept;
private List<ServerDetailsPOJO> serverAuthDetails;
private Map<String, String> headers = new HashMap<String, String>();
public ManagedWebAccessBuilder(String userAgent) {
public ManagedWebAccessBuilder(String userAgent, List<ServerDetailsPOJO> serverAuthDetails) {
this.userAgent = userAgent;
this.serverAuthDetails = serverAuthDetails;
}
public ManagedWebAccessBuilder withAccept(String accept) {
@ -70,10 +75,42 @@ public class ManagedWebAccessBuilder {
if (userAgent != null) {
client.addHeader("User-Agent", userAgent);
}
if (username != null || token != null) {
if (authenticationMode != null && authenticationMode != HTTPAuthenticationMode.NONE) {
client.setAuthenticationMode(authenticationMode);
switch (authenticationMode) {
case BASIC :
client.setUsername(username);
client.setPassword(password);
break;
case TOKEN :
client.setToken(token);
break;
case APIKEY :
client.setApiKey(token);
break;
}
} else {
ServerDetailsPOJO settings = getServer(url);
if (settings != null) {
switch (settings.getAuthenticationType()) {
case "basic" :
client.setUsername(settings.getUsername());
client.setPassword(settings.getPassword());
client.setAuthenticationMode(HTTPAuthenticationMode.BASIC);
break;
case "token" :
client.setToken(settings.getToken());
client.setAuthenticationMode(HTTPAuthenticationMode.TOKEN);
break;
case "apikey" :
client.setApiKey(settings.getApikey());
client.setAuthenticationMode(HTTPAuthenticationMode.APIKEY);
break;
}
}
}
if (username != null || token != null) {
client.setAuthenticationMode(authenticationMode);
}
return client;
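Review bot: In the new `else` branch, `switch (settings.getAuthenticationType())` throws a NullPointerException when a configured server entry has no `authenticationType`, and it matches `"basic"`/`"token"`/`"apikey"` case-sensitively while `PackageServer.getModeFromPOJO` uses `equalsIgnoreCase`, so an entry written as `"Basic"` silently sends no credentials. I would guard it with `String type = settings.getAuthenticationType();` and `if (type != null) { switch (type.toLowerCase()) { ... } }`. This branch attaches stored secrets to any URL that `getServer(url)` matches, and that method is outside the hunk, so confirm that it compares scheme, host and port exactly rather than by string prefix, and that credentials are not attached to plain `http` URLs. The `if (username != null || token != null)` block at the end of the hunk, if it remains on the new side, would overwrite the mode chosen from settings with the builder's own `authenticationMode`. The enclosing method starts outside the hunk.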


@ -54,6 +54,9 @@ public class SimpleHTTPClient {
@Getter @Setter
private String token;
@Getter @Setter
private String apiKey;
public void addHeader(String name, String value) {
headers.add(new Header(name, value));
}
@ -128,6 +131,8 @@ public class SimpleHTTPClient {
String auth = username+":"+password;
byte[] encodedAuth = Base64.getEncoder().encode(auth.getBytes(StandardCharsets.UTF_8));
authHeaderValue = "Basic " + new String(encodedAuth);
} else if (authenticationMode == HTTPAuthenticationMode.APIKEY) {
c.setRequestProperty("Api-Key", apiKey);
}
if (authHeaderValue != null) {
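Review bot: The new `APIKEY` branch passes `apiKey` straight to `c.setRequestProperty("Api-Key", apiKey)` with no null check, so a server configured for API-key authentication but with no key set gets a request without a usable credential instead of a clear failure. A guard such as `if (apiKey == null) throw new IOException("API key authentication selected but no key is set");` before the call would surface the misconfiguration, assuming the enclosing method can throw `IOException`. The header name is fixed to `Api-Key`, so a short comment naming the servers that expect it would help the next reader. The enclosing method starts and ends outside the hunk; if it also runs for redirected requests, confirm the key is not re-sent to a different host.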


@ -9,7 +9,7 @@ import javax.annotation.Nullable;
import org.hl7.fhir.utilities.http.HTTPAuthenticationMode;
import org.hl7.fhir.utilities.http.SimpleHTTPClient;
import org.hl7.fhir.utilities.settings.FhirSettings;
import org.hl7.fhir.utilities.settings.PackageServerPOJO;
import org.hl7.fhir.utilities.settings.ServerDetailsPOJO;
import lombok.Getter;
@ -65,7 +65,7 @@ public class PackageServer {
return servers;
}
public static PackageServer getPackageServerFromPOJO(PackageServerPOJO pojo) {
public static PackageServer getPackageServerFromPOJO(ServerDetailsPOJO pojo) {
return new PackageServer(pojo.getUrl())
.withAuthenticationMode(getModeFromPOJO(pojo))
.withServerType(
@ -77,7 +77,7 @@ public class PackageServer {
}
@Nullable
private static HTTPAuthenticationMode getModeFromPOJO(PackageServerPOJO pojo) {
private static HTTPAuthenticationMode getModeFromPOJO(ServerDetailsPOJO pojo) {
if (pojo.getAuthenticationType().equalsIgnoreCase("basic")) return HTTPAuthenticationMode.BASIC;
if (pojo.getAuthenticationType().equalsIgnoreCase("token")) return HTTPAuthenticationMode.TOKEN;
return null;
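Review bot: `getModeFromPOJO` still maps only `basic` and `token`, so a settings entry whose `authenticationType` is `apikey` (now a documented value on `ServerDetailsPOJO` and an `HTTPAuthenticationMode` constant) returns null, and the package server is presumably contacted without credentials. Add `if (pojo.getAuthenticationType().equalsIgnoreCase("apikey")) return HTTPAuthenticationMode.APIKEY;` before the `return null;`. Whether `PackageServer` then carries the key to the client is not visible in this hunk. The method also dereferences `getAuthenticationType()` without a null check, so an entry that omits the field fails with a NullPointerException.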


@ -227,11 +227,11 @@ public class FhirSettings {
return instance.fhirSettings.getPackageManagement().getIgnoreDefaultServers();
}
public static List<PackageServerPOJO> getPackageServers() {
public static List<ServerDetailsPOJO> getPackageServers() {
getInstance();
if (instance.fhirSettings.getPackageManagement() == null) {
return Collections.emptyList();
}
return List.of(instance.fhirSettings.getPackageManagement().getServers().toArray(new PackageServerPOJO[]{}));
return List.of(instance.fhirSettings.getPackageManagement().getServers().toArray(new ServerDetailsPOJO[]{}));
}
}


@ -40,6 +40,7 @@ public class FhirSettingsPOJO {
private String txFhirLocal;
private PackageManagementPOJO packageManagement;
private TerminologyServersPOJO terminologyServers;
protected FhirSettingsPOJO() {
apiKeys = null;
@ -54,5 +55,6 @@ public class FhirSettingsPOJO {
txFhirLocal = TX_SERVER_LOCAL;
packageManagement = null;
terminologyServers = null;
}
}


@ -16,7 +16,7 @@ public class PackageManagementPOJO {
private Boolean ignoreDefaultServers;
private List<PackageServerPOJO> servers;
private List<ServerDetailsPOJO> servers;
protected PackageManagementPOJO() {
ignoreDefaultServers = false;


@ -9,12 +9,14 @@ import lombok.extern.jackson.Jacksonized;
@Builder
@Jacksonized
@AllArgsConstructor
public class PackageServerPOJO {
public class ServerDetailsPOJO {
String url;
// possible values: none, basic, token, apikey
String authenticationType;
@Deprecated
String serverType;
String username;
@ -23,4 +25,6 @@ public class PackageServerPOJO {
String token;
String apikey;
}
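Review bot: The new `apikey` field joins `password` and `token` as a plain field on a Lombok-annotated class; if the class also carries `@Data` or `@ToString` above the visible `@Builder` (the annotations start outside the hunk), the generated `toString()` prints all three secrets wherever a settings object is logged or shown in an exception message. Marking the three fields `@ToString.Exclude` avoids that. The same applies transitively to `TerminologyServersPOJO` in this commit, which is `@Data` and holds a list of these objects. The comment `// possible values: none, basic, token, apikey` could also state that `ManagedWebAccessBuilder` matches these values case-sensitively while `PackageServer` does not.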


@ -0,0 +1,22 @@
package org.hl7.fhir.utilities.settings;
import java.util.ArrayList;
import java.util.List;
import lombok.AllArgsConstructor;
import lombok.Builder;
import lombok.Data;
import lombok.extern.jackson.Jacksonized;
@Data
@Builder
@Jacksonized
@AllArgsConstructor
public class TerminologyServersPOJO {
private List<ServerDetailsPOJO> servers;
protected TerminologyServersPOJO() {
servers = new ArrayList<>();
}
}


@ -87,7 +87,7 @@ public class FhirSettingsTests implements ResourceLoaderTests {
assertTrue(fhirSettings.getPackageManagement().getIgnoreDefaultServers());
List<PackageServerPOJO> packageServers = fhirSettings.getPackageManagement().getServers();
List<ServerDetailsPOJO> packageServers = fhirSettings.getPackageManagement().getServers();
assertEquals(2, packageServers.size());